CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication.

This vulnerability is known as CVE-2024-1817. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

Related Posts

CVE-2024-24256 | Yonyou space-time enterprise information integration platform saveMove.jsp information disclosure

CVE-2024-10192 | PHPGurukul IFSC Code Finder Project 1.0 search.php cross site scripting

CVE-2023-49674 | NeuVector Vulnerability Scanner Plugin up to 1.22 on Jenkins permission

CVE-2024-52565 | Siemens Tecnomatix Plant Simulation prior 2302.0018/2404.0007 WRL File out-of-bounds write (ssa-824503)